General
-
Target
524b71c4013215761e79452ecd84fecf4ee101bd2011d2d95e604a566db996af.vbs
-
Size
190KB
-
Sample
241002-dx4desycpe
-
MD5
a992cf1046f493363298d5afb9caa0fe
-
SHA1
45655954dbcb8526284b0227728425d240dc2269
-
SHA256
524b71c4013215761e79452ecd84fecf4ee101bd2011d2d95e604a566db996af
-
SHA512
524425e8e0faa766ba90311ec2b74797023a5a173c353014b227026784717533dca8a3c10edb855b3fb5ae6acb83580b737471a140997fe34f9d265df9b280c2
-
SSDEEP
3072:tCqWL6Dgt5pSGwEXy73+eoUZ34mCt0Jwz0iOiIb8FSfPzWL4SSlb34ZGzftS:tPo+At0JwCC4O4PoorE
Static task
static1
Behavioral task
behavioral1
Sample
524b71c4013215761e79452ecd84fecf4ee101bd2011d2d95e604a566db996af.vbs
Resource
win7-20240704-en
Malware Config
Extracted
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
Extracted
asyncrat
1.0.7
KLLL
148.113.165.11:3236
Dggx_gg
-
delay
1
-
install
false
-
install_folder
%AppData%
Targets
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-